Build(deps-dev): bump curb from 1.2.2 to 1.3.0

[dependabot]

Bumps curb from 1.2.2 to 1.3.0.

Changelog

Sourced from curb's changelog.

1.3.0

Breaking Changes

• Curl::Multi#close now permanently closes the multi handle. Code that previously called close and then reused the same Curl::Multi instance must now allocate a new multi handle instead. Curl::Multi.autoclose continues to use the internal reusable cleanup path for implicit autoclose and fiber-scheduler reuse.
• Callback exceptions raised during Multi#perform and scheduler-driven Easy#perform are now deferred until in-flight sibling transfers finish draining, and queued replacement work is no longer started once a deferred callback exception is pending. Applications that relied on immediate aborts or that enqueue new work from completion callbacks after a sibling failure may observe different control flow.
• post_body= and raw CURLOPT_POSTFIELDS assignments now snapshot the assigned Ruby string instead of aliasing later mutations to the caller's buffer. In addition, easy.setopt(Curl::CURLOPT_POSTFIELDS, nil) now clears the request body without implicitly switching the request back to GET; callers that relied on the old method-reset behavior must now set the method explicitly.
• close and reset are now blocked while progress, debug, and upload-read callbacks are active, matching the existing restriction for body and header callbacks. Code that performed cleanup directly inside those callbacks must move that work outside the callback.

Changes

• Improve Ruby 4.x and newer libcurl compatibility by addressing typed-data conversion and deprecation issues in the extension build.
• Fix post_body, CURLOPT_POSTFIELDS, multipart form reuse, and resolve cleanup so request buffers and per-request native state stay valid across setup, mutation, and reset.
• Tighten Curl::Easy and Curl::Multi lifecycle cleanup to reduce leaks and stale handle references, including explicit clearing of idle easy.multi back-references when a multi is closed.
• Rework deferred callback exception handling for Easy and Multi so callback failures are re-raised on the originating request after sibling work drains, queued replacement work does not start once a deferred exception is pending, and deferred implicit-multi cleanup stays thread-affine.
• Preserve the original callback exception for frozen Curl::Easy handles instead of raising FrozenError.
• Improve Fiber scheduler integration so scheduler-driven Easy#perform reuses the shared multi correctly, keeps yielding timers/perform blocks while deferred completions drain, and wakes the originating waiter when deferred callback errors surface.
• Add leak-trace tooling plus broader regression coverage for cleanup, callback, scheduler, GC.compact, and test-server stale-lock edge cases; CI now runs the valgrind suite on Linux Ruby 4.0.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #3543.